Why doesn't Ubuntu use https as default for apt update? [duplicate]
This question already has an answer here:
Are repository lists secure? Is there an HTTPS version?
2 answers
If we do an `apt update` or `apt-get update`, it uses http for fetching updates. We can change the source to secure https by editing the URL in sources.list (`/etc/apt/sources.list`), but in most cases this doesn't work. Why doesn't Ubuntu force https for `apt update`?
updates software-sources
marked as duplicate by Kulfy, karel, Eric Carvalho, Fabby, pomsky Dec 25 '18 at 13:25
This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.
Related: Are repository lists secure? Is there an HTTPS version?
– Kulfy
Dec 24 '18 at 11:31
asked Dec 24 '18 at 8:59
Eka
1 Answer
Only thing you gain is the secrecy about what kind of software you're installing.
One of the reasons why https is annoying is the corporate firewalls that want to decrypt https. You have to deal with their certificates, slowness and bugs.
So it's easier to stick with http and apt's built-in GPG for origin and integrity checks. Especially when the "what software you're installing" is seen anyway if you're using lots of products that have their own repositories. Probably need to Tor it if you want to hide the fact that you've accessed the google-chrome repo, docker repo, etc.
answered Dec 24 '18 at 11:06
Velkan
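The GPG-backed integrity check the answer refers to works as a hash chain: a signed Release file lists the SHA256 of each Packages index, and each Packages index lists the SHA256 of every .deb. The sketch below is an added example (not from the original answer and not apt's own code) that checks that chain on constructed sample data; it assumes the Release file's signature has already been verified against a trusted key, and all names and contents in it are hypothetical.

```python
import hashlib

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def release_hashes(release: str) -> dict:
    """Parse the 'SHA256:' section of a Release file into {path: (hash, size)}."""
    out, in_section = {}, False
    for line in release.splitlines():
        if line.startswith("SHA256:"):
            in_section = True
        elif in_section and line.startswith(" "):
            digest, size, path = line.split()
            out[path] = (digest, int(size))
        else:
            in_section = False
    return out

def package_entry(packages: str, name: str) -> dict:
    """Return the stanza for `name` from a Packages index as a dict of fields."""
    for stanza in packages.strip().split("\n\n"):
        # Skip continuation lines (they start with a space, e.g. long descriptions).
        lines = [l for l in stanza.splitlines() if not l.startswith(" ")]
        fields = dict(l.split(": ", 1) for l in lines)
        if fields.get("Package") == name:
            return fields
    raise KeyError(name)

def verify_chain(release, index_path, packages_bytes, name, deb_bytes) -> bool:
    """True only if Packages matches Release and the .deb matches Packages."""
    digest, size = release_hashes(release)[index_path]
    if len(packages_bytes) != size or sha256(packages_bytes) != digest:
        return False  # index was altered in transit or on the mirror
    entry = package_entry(packages_bytes.decode(), name)
    return int(entry["Size"]) == len(deb_bytes) and entry["SHA256"] == sha256(deb_bytes)

# Constructed sample repository (not real Ubuntu metadata).
DEB = b"constructed stand-in for hello_1.0_amd64.deb"
PACKAGES = (
    "Package: hello\nVersion: 1.0\n"
    "Filename: pool/main/h/hello/hello_1.0_amd64.deb\n"
    f"Size: {len(DEB)}\nSHA256: {sha256(DEB)}\n"
).encode()
INDEX = "main/binary-amd64/Packages"
RELEASE = (
    "Origin: Example\nSuite: stable\nSHA256:\n"
    f" {sha256(PACKAGES)} {len(PACKAGES)} {INDEX}\n"
)

if __name__ == "__main__":
    print("untampered:", verify_chain(RELEASE, INDEX, PACKAGES, "hello", DEB))
    print("modified .deb:", verify_chain(RELEASE, INDEX, PACKAGES, "hello", DEB + b"!"))
```

A .deb or Packages index changed over plain http fails one of the hash comparisons; making it pass would require changing the Release file too, which is the part covered by the GPG signature.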